IC card system having a function of authenticating destroyed data

ABSTRACT

An IC card includes, in addition to an ordinary data recording processing circuit, an IC chip area including an encrypting circuit, and a magnetic or optical data recording unit mounted thereon. Those items of data at an initialization and final transaction times are recorded in the magnetic or optical data recording unit while a predetermined encryption is made in cooperation with the IC chip area and the terminal for initialization and terminal for transaction. When a data item to be recorded in the IC chip area in the IC card is destroyed, data items recorded on the magnetic or optical data recording area are decrypted to check if the recorded data items are true. If yes, these data items are restored in a new card.

BACKGROUND OF THE INVENTION

The present invention relates to an IC card system and, in particular, an IC card system of such a type that, even if, upon the use of an IC card as a "prepaid" card for instance, data is found to be destroyed owing to a damaged IC chip, etc., data items, such as a "prepaid" balance, recorded in the IC card can be identified by the IC card and the terminal in a self-solving way without using any large-scale on-line system and can be restored with added safety.

A prepaid card, such as a conventional prepaid telephone card, is not safe from the standpoint of security, such as the protection of secret data and prevention of tampering. In the conventional prepaid card system, when data items in the prepaid card are maliciously or inadvertently destroyed by a card owner or any third party, there is no safe countermeasure for restoring data on a "prepaid" balance.

An IC card equipped with an IC version of a data storing/processing circuit is outstandingly superior to other cards from the standpoint of security, such as the protection of secret data and prevention of the tampering of data.

There is a relatively high possibility that, because such an IC chip is embedded in a plastics card, data items in the card will be destroyed, not to mention damage to the IC itself. Further, in the event of the data items being destroyed in the card, it is not possible to identify data, such as a "prepaid" balance. Even if any dispute arises between a card owner and a card issuing person in connection with the "prepaid" balance, there has been no effective solution to such a problem.

There is, therefore, a growing demand for identifying and restoring data items in the IC card system as set out above. An effective measure, therefore, is necessary to readily identify damaged data without using any large-scale on-line system and to prevent any possible misuse upon the re-issuing of an IC card.

It is an object of the present invention to provide an improved IC card system in which final transaction data items, once disturbed by encryption, are recorded in a magnetic or optical data recording unit whereby, when data items in the IC card are destroyed, the recorded data items are read out of the data recording unit to enable the read-out data items to be readily identified for their truth.

Another object of the present invention is to provide an IC card system which, when data items read out of a magnetic or optical data recording unit are proved true, restores the true data items in a new IC card.

SUMMARY OF THE INVENTION

According to the present invention, there is provided an IC card system for enabling data which is stored in an IC card equipped with an IC chip area and a magnetic or optical data recording area at its predetermined area to be authenticated in cooperation with a predetermined terminal, the system comprising:

a first unit for enabling data which is associated with a final transaction by the IC card to be subjected to a predetermined processing, including an encryption processing, by a predetermined data process made between an encrypting area stored in an IC area of the IC card and a read/write unit in a terminal for identification and between the read/write unit and a common processing unit;

a second unit for enabling data which is subjected by the first means to the processing to be transferred to the magnetic or optical data recording area via the read/write unit on the terminal and to be recorded there; and

a third unit for enabling the processed data associated with the final transaction which is recorded on the magnetic or optical data recording area to be subjected to a predetermined re-processing, including a decryption processing at the read/write unit and common processing unit, when the data in the IC area of the IC card is destroyed, and for authenticating truth of the data.

According to another aspect of the present invention, an IC card system includes a fourth unit which, when the truth of the data re-processed by the third unit is authenticated, transfers that data from the terminal for identification to the terminal for initialization and restores it into a new card.

In summary, the present IC card system comprises:

a first unit for performing a predetermined data processing, including an encryption processing, relative to an initializing or transaction terminal in cooperation with an IC card and a code preparation unit in the IC card;

a second unit for recording final transaction data in a magnetic or optical data recording area of the IC card after it has been disturbed by a predetermined code; and

a third unit for decrypting the data of the recording unit by the identifying terminal, when it is needed for restoration, so that it is identified for truth. The present IC card system further comprises a fourth unit which, when the data is proved true, enables data on a "prepaid" balance, etc., to be restored by the initializing terminal for re-issuing of a new IC card.

In the IC card system as set out below, when an IC chip of the IC card is inaccessible due to its damage, etc., the card owner requests the card issuing person to restore data on, for example, a "prepaid" balance so that it is re-issued.

The card issuing person re-processes final transaction data of the magnetic or optical data recording area through decryption with the use of an identifying terminal, for example, a card owner's built-in code function F and code key and prepares an identification code and compares it with an identification code which is read, as a to-be-re-processed data, out of the magnetic or optical data recording area. If there is a coincidence between the two, the card issuing person authenticates it as being true, restores the final transaction data and issues a novel IC card.

BRIEF DESCRIPTION OF THE DRAWINGS

FIGS. 1 to 3 show an IC card system according to one embodiment of the present invention, FIG. 1 showing a state of a connection between an initializing terminal and an IC card as well as a data transfer between them and its control, FIG. 2 showing a state of a connection between a transaction terminal and an IC card as well as a data transfer between them and its control, and FIG. 3 showing a state of a connection between the IC card and an identifying terminal for identifying data of a magnetic or optical data recording area when data once stored in the IC card, if damaged, is restored, as well as a data transfer between the IC card and the terminal and its control.

DETAILED DESCRIPTION

An IC card system according to one embodiment of the present invention will be explained below with reference to the accompanying drawings.

FIG. 1 shows a state of a connection between an initializing terminal unit Tl and an IC card 20 and a data transfer between the two and its control which constitute one aspect of a restoration device of the present invention.

An initializing terminal unit Tl which is placed under complete control of an IC card issuer as his or her agent includes an input/output unit 11, common treating units 12 and read/write unit 13. The IC card 20 is initialized by the terminal Tl and handed over to a specific person who becomes a card owner.

The IC card 20 to be used by the card owner includes a magnetic/optical data recording area 21 and IC chip area 22.

The IC chip area 22 includes, in addition to an ordinary data storing/processing unit, a circuit (a code preparing unit) for processing a code function (F), both of which are absolutely inaccessible from the outside. A code key KUC which is unique to the IC card 20 is accessible by only a specific terminal, etc., which is owned or designated by a card issuer, and is initially stored in a chip area 22 of the IC card.

Those items of issuing data (that is, issuing data TD (1)) as input from the input/output unit 11 in the terminal unit Tl or automatically generated from the processing unit 12 are stored as initial history data into the IC chip area 22 of the IC card 20 from the read/write unit 13 in the initializing terminal unit Tl, the items of data containing the data of issuing, place-of-issuing (initializing terminal ID) code, amount of money received upon issuance, a "prepaid" balance upon issuance, etc.

A symbol (1) in the issuing data TD (1) represents the transfer of data on the drawing sheet. The same thing can be applied to those items of data and code as will be set forth below.

The data TD (1) and authentication code, hereinafter referred to as [identification code TC (2)] generated based on the data TD (1), are registered in the magnetic/optical data storing area 21 of the IC card 20.

The identification code TC (2) is a multi-digit code uniquely determined by the issuing data TD (1), that is, a result of an arithmetic operation obtained in accordance with a function F using the code key KUC and transaction data TD (1), the function F being incorporated into the chip area 22 in the IC card 20. The code TC (2) is taken into the IC card via the read/write unit 13 in the terminal unit Tl.

The terminal unit Tl encrypts the identification code TC (2) together with the data TD (1) and delivers it via the read/write unit 13 to the magnetic or optical data recording unit 21 where it is stored.

A relation among the code function F, data TD, identification code TC and code key KUC is represented by:

    TC=F(TD, KUC)

FIG. 2 shows a data transfer, that is, goods or services transferred, by a prepaid action, with the use of a user IC card UC which has been given to the card owner after initialization.

FIG. 2 shows the case where a card owner inserts or loads the user IC card UC into a transaction terminal unit TT as installed at a shop or at a street corner.

Those items of transaction data (hereinafter referred to as transaction data TD (1) for the sake of convenience) entered from an output section (an input/output unit 11A) of the transaction terminal TT or automatically generated from a common control unit 12A are added to a history at a time of card issuance, or updated via a read/write unit 13A, the transaction data containing a transaction data, site-of-transaction (terminal) code, amount of transaction, "prepaid" balance, prepayment and so on and being the same format as that of the aforementioned issuing data TD (1).

Transaction data TD (1) involved in a final transaction as well as an authentication code (hereinafter referred to as an identification code TC (2) for the sake of convenience) generated in the same format as that of the identification code TC (2) is encrypted via the read/write unit 13A and written into a magnetic/optical data storing area 21A in the user IC card UC.

Although a step of charging or receiving a price or a payment for goods and services, by a goods/services provider or an agent, as a result of a transaction is omitted for brevity's sake, it is done in the process substantially the same as set forth above.

Let it be assumed that data in the chip area 22A in the user IC card UC cannot be read out due to a breakage, etc., of the IC chip area 22A and that a transaction fails to continue owing to a "prepaid" balance being placed in an inaccessible state.

In this case, the owner of the user IC card presents a defective IC card UC to the card issuing person or his or her agent, claiming that a "prepaid" balance should be guaranteed. The card issuing person or his or her agent handles a restoring terminal TA as shown in FIG. 3 in accordance with the claim of the card owner and restores and identifies that "prepaid" balance. The card issuing person or his or her agent takes a proper step such as the reissuing of an IC card to guarantee the "prepaid" balance.

That is, on the side of the card issuing person or his or her agent, a code key KUC of the user IC card UC is arithmetically operated on by the terminal TA in accordance with a secret key KAC and the same function F as a code function built in the user IC card UC of the card owner as well as a card recognition data recorded in magnetic or optical data recording unit 21B inscribed in the IC card, noting that the key KAC and function F can be stored in an authentication-only IC card so as to further enhance a security level. An identification code TC (3) is generated, in the same way as set out above, from the code key KUC thus obtained and transaction data TD (1) in those items of data read out of the magnetic or optical data recording area 21B. This identification code TC (3) is compared with an identification code TC (2) in those data items which are read out of the magnetic or optical data recording area 21B.

If a coincidence occurs as a result of comparison, the transaction data TD (1) in the data items read out of the magnetic or optical data recording area 21A can be regarded as being not maliciously altered by something.
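
The identification check described above, as an added example (not code from the patent): it assumes HMAC-SHA256 as a stand-in for the unspecified code function F, reads the key recovery at terminal TA as KUC = F(card recognition data, KAC), and leaves out the encryption of the stored record. The JSON encoding and all key, card and transaction values are constructed.

```python
import hashlib
import hmac
import json

def F(data: bytes, key: bytes) -> bytes:
    """Code function F. Assumption: HMAC-SHA256; the patent leaves F unspecified."""
    return hmac.new(key, data, hashlib.sha256).digest()

def derive_kuc(card_id: bytes, kac: bytes) -> bytes:
    """Terminal TA: rebuild the card-unique key KUC from the issuer secret KAC
    and the card recognition data read from the recording area."""
    return F(card_id, kac)

def encode_td(td: dict) -> bytes:
    """Canonical byte encoding of transaction data TD (hypothetical format)."""
    return json.dumps(td, sort_keys=True, separators=(",", ":")).encode()

def make_record(td: dict, kuc: bytes) -> dict:
    """Card side: TC = F(TD, KUC). The pair (TD, TC) goes to the recording area."""
    td_bytes = encode_td(td)
    return {"td": td_bytes, "tc": F(td_bytes, kuc)}

def verify_record(record: dict, card_id: bytes, kac: bytes):
    """Terminal TA: regenerate TC(3) from the read-out TD and compare it with
    the stored TC(2). Returns the TD dict if they coincide, otherwise None."""
    tc3 = F(record["td"], derive_kuc(card_id, kac))
    if not hmac.compare_digest(tc3, record["tc"]):  # constant-time comparison
        return None
    return json.loads(record["td"])

# Constructed sample values, not taken from the patent.
KAC = bytes.fromhex("00112233445566778899aabbccddeeff")
CARD_ID = b"CARD-0001"
FINAL_TD = {"date": "1990-01-31", "terminal": "TT-17", "amount": 300, "balance": 1700}

def restore_balance(record: dict):
    """Issuer-side decision: the balance to load into a new card, or None."""
    td = verify_record(record, CARD_ID, KAC)
    return None if td is None else td["balance"]

def demo() -> tuple:
    kuc = derive_kuc(CARD_ID, KAC)          # stored in the chip at initialization
    genuine = make_record(FINAL_TD, kuc)    # written at the final transaction
    # Same stored TC(2), but TD altered in the recording area afterwards.
    altered = {"td": encode_td({**FINAL_TD, "balance": 9700}), "tc": genuine["tc"]}
    return restore_balance(genuine), restore_balance(altered)

if __name__ == "__main__":
    print(demo())  # (1700, None)
```

Only the record whose regenerated TC (3) coincides with the stored TC (2) yields a balance for re-issuing; the altered record is rejected without any on-line lookup.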

The card issuing person or his or her agent performs an issuing operation of a new IC card 20 (UC), in accordance with the sequence as set out in connection with FIG. 1, with the use of a "prepaid" balance on a final transaction in the read-out transaction data TD (1).

Although the present embodiment has been explained in connection with the present invention, when the transaction terminal TT delivers transaction data TD (1) and identification code TC (2) to the magnetic or optical data recording area, TD (1) and TC (2) are encrypted as a whole for enhanced security to place an encrypted one generally under an inaccessible state and encryption is done prior to the process of restoring and identifying data, such as a "prepaid" balance, regarding a final transaction by the terminal TA. This modification constitutes an extension and hence another application which is covered by the present invention.

The IC card system of the present invention is operated as set out above. That is, the final transaction data of the IC card, once disturbed by the code, is registered in the magnetic or optical data recording area. It is, therefore, difficult for any malicious person to read out the final transaction data. Even if the data is tampered with, identification can be made, upon request by the IC card owner, on the card issuing person's side, whether or not the data in the magnetic or optical recording area is tampered with. Since data, such as a "prepaid" balance, cannot be restored in a new IC card unless the card owner confirms the truth of the data, it is possible to prevent any misuse of the card upon re-issuing of it.

Since the present IC card system has the features as set out above, if the card owner asks the card issuing person to replace a damaged card by a new one, the person can readily confirm the truth of final transaction data in the IC card without using any large-scale on-line system and re-issue a new IC card with a restored true "paid" balance, etc., registered therein, preventing any trouble from arising between the card issuing person and the card owner. The present IC card system ensures high security and hence very high safety.

The present invention can be applied to an IC card system, in general, performing, for example, an individual authentication, data management and credit transaction.

We claim:
 1. An IC card system for enabling data, which is stored in an IC card having an IC chip area and an optical data recording area at a predetermined area on the IC card, to be authenticated in cooperation with a predetermined terminal, said IC card system comprising: first means for enabling data, which data is contained in connection with a final transaction by the IC card, to be subjected to a processing operation with a transaction authentication code generated in accordance with a code function and an authentication individual key specific for the IC card, the processing operation being done through predetermined data processing made between an external terminal including a common processing unit and an external read/write unit, said terminal being an initialization terminal or a transaction terminal, and said first means further including means for storing the resulting processed data in the IC chip area of the IC card; second means for transferring said resulting processed data to the optical data recording area of the IC card via the read/write unit of the terminal and for recording said resulting processed data on said optical data recording area of the IC card; and third means for checking said resulting processed data associated with the final transaction which is recorded on said optical data recording area, for truthfulness with the use of a code or decoding function of said read/write unit and common processing unit, when data in the IC chip area of the IC card is destroyed.
 2. The system according to claim 1, further comprising fourth means for, when the truth of the data checked by said third means is authenticated as being true, transferring that data from said transaction terminal to said initialization terminal and for restoring the transferred data into a new IC card.
 3. The system according to claim 1, wherein said data checked by said third means contains data on a prepaid balance. 